exploitDog

CVE-2017-1734

Опубликовано: 24 апр. 2018

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg22015635
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/134915
VDB Entry
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22015635
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/134915
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*

Версия от 5.0 (исключая) до 6.0.5 (включая)

cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.2 (включая)

cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.0.5 (включая)

cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.2 (включая)

cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.0.5 (включая)

cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.2 (включая)

cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.0.5 (включая)

cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.2 (включая)

cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.0.5 (включая)

cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.2 (включая)

cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.0.1 (включая)

cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.2 (включая)

cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.0.5 (включая)

EPSS

Процентиль: 43%

0.0021

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-pvh9-v9q7-pw9x

CVSS3: 4.3

github

больше 3 лет назад

IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915.

EPSS

Процентиль: 43%

0.0021

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200